EP3582532B1 - Method, device and system for internet of things communication - Google Patents
Method, device and system for internet of things communication Download PDFInfo
- Publication number
- EP3582532B1 EP3582532B1 EP18872718.4A EP18872718A EP3582532B1 EP 3582532 B1 EP3582532 B1 EP 3582532B1 EP 18872718 A EP18872718 A EP 18872718A EP 3582532 B1 EP3582532 B1 EP 3582532B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- internet
- things
- things terminal
- interworking gateway
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims description 50
- 238000004891 communication Methods 0.000 title claims description 33
- 230000004044 response Effects 0.000 claims description 14
- 230000008569 process Effects 0.000 claims description 8
- 230000006870 function Effects 0.000 description 26
- 238000012545 processing Methods 0.000 description 17
- 238000013519 translation Methods 0.000 description 13
- 238000010586 diagram Methods 0.000 description 6
- 238000007726 management method Methods 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 5
- 238000004590 computer program Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000001419 dependent effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 241001025261 Neoraja caerulea Species 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000032683 aging Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- VJYFKVYYMZPMAB-UHFFFAOYSA-N ethoprophos Chemical compound CCCSP(=O)(OCC)SCCC VJYFKVYYMZPMAB-UHFFFAOYSA-N 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000013439 planning Methods 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/303—Terminal profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/562—Brokering proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/02—Power saving arrangements
- H04W52/0203—Power saving arrangements in the radio access network or backbone network of wireless communication networks
- H04W52/0206—Power saving arrangements in the radio access network or backbone network of wireless communication networks in access points, e.g. base stations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W60/00—Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/654—International mobile subscriber identity [IMSI] numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/16—Gateway arrangements
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Definitions
- This application relates to the internet of things field, and in particular, to a method, an apparatus, and a system for communication between an internet of things terminal and an internet of things server in the internet of things field.
- a typical internet of things terminal with a limited capability includes a narrow band internet of things (Narrow band internet of things, NB-IoT) terminal, for example, a device such as a water meter, a watt-hour meter, or a gas meter into which an NB-IoT chip is inserted.
- NB-IoT narrow band internet of things
- an internet of things platform or an internet of things server generally authenticates the terminals in a registration procedure by using an application layer protocol, for example, a lightweight M2M protocol (Lightweight M2M, LWM2M).
- an application layer protocol for example, a lightweight M2M protocol (Lightweight M2M, LWM2M).
- LWM2M lightweight M2M protocol
- the internet of things platform or server can only authenticate a terminal based on a node identifier (NodelD) that is reported by the terminal in a registration request.
- NodeID node identifier
- This NodeID is generally regular and may be forged by another malicious terminal. Therefore, a registration method needs to be provided, to meet a requirement of low power consumption of the internet of things terminal, and ensure that the internet of things platform or server performs security authentication on the internet of things terminal.
- WO 2017/168209 A1 describes a reachability for an M2M service provider network.
- US 2017/041287 A1 describes a server initiated remote device registration.
- US 2013/332627 A1 describes enabling IP-communication with a machine to machine unit.
- HUAWEI ET AL "Use Push Proxy to reduce heartbeat/keep-alive data of Application", 3GPP DRAFT; S2-124171 WAS S2-124037 WAS S2-123644 USE PUSH PROXY TO REDUCE KEEP-ALIVE DATA OF APPLICATIONS R2, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE; 650, ROUTE DES LUCI, vol. SA WG2 12 October 2012 (2012-10-12), XP050683827 describes a proposal to use Push Proxy to reduce heartbeat/keep-alive data of Applications.
- the present invention is defined by the internet of things system of independent claim 1 and by the internet of things communication method of claim 5. Additional features of the invention are presented in the dependent claims.
- FIG. 1 is a typical networking architecture in the prior art in which an internet of things terminal accesses an internet of things platform or an internet of things server by using a telecommunications network.
- the internet of things platform or the internet of things server performs, for the internet of things terminal, management and operations that are related to a connection, a device, or a service.
- the internet of things server is used as an example to describe the technical solutions in specific embodiments, and all the embodiments that are described by using the internet of things server as an example are also applicable to the internet of things platform.
- a core network in FIG. 1 belongs to a telecommunications network provided by a telecommunication operator.
- the core network may be an evolved packet core network (evolved packet core, EPC), a 5G core network, or another type or form of telecommunications network that is defined by the 3rd generation partnership project standard organization (3rd Generation Partnership Project, 3GPP).
- the internet of things terminal may access the core network by using various access technologies or access networks, including an NB-IoT wireless access technology, 4G wireless access, 5G wireless access, Wi-Fi access, wireline access, or the like that is defined by the 3GPP.
- the core network is connected to the internet of things server by using an internet.
- a device such as a network address translation (Network Address Translation, NAT) device or a firewall is usually disposed between the core network and the internet, and between the internet of things server and the internet, to perform network isolation.
- a NAT device 1 and a NAT device 2 are used in FIG. 1 , that is, the internet of things server and the core network are located in different IP subnets or private networks. It should be noted that, if the internet of things server is deployed in a public network, the NAT device 2 may be not used, that is, in FIG. 1 , there may be only the NAT device 1 or an address translation device whose function is equivalent to that of the NAT device 1.
- the NAT device 1 is located between a private network in which the core network is located and the public network (namely, the internet in FIG. 1 ), and the NAT device 1 translates between (a private IP address, a private port number) that are of the core network and (a public IP address, a public port number) that are configured on the NAT device 1.
- the NAT device 2 is located between a private network in which the internet of things server is located and the public network, and the NAT device 2 translates between (a private IP address, a private port number) that are of the internet of things server and (a public IP address, a public port number) that are configured on the NAT device 2.
- a gateway of the core network for example, a packet data network gateway (Packet Data Network Gateway, PGW) of an EPC network or a user plane (User plane, UP) function entity of a 5G core network, allocates a private IP address (private IP-1) of a private network to which the gateway belongs, to the internet of things terminal.
- the private IP address of the internet of things server is a private IP-2 which is a private IP address of a private network to which the internet of things server belongs; and an external public address of the internet of things server is the public IP address on the NAT device 2, namely, a public IP-A.
- the NAT device When the internet of things terminal and the internet of things server exchange messages by using the access network, the core network, and the internet, the NAT device performs network address translation between a private address and public IP address for source addresses and destination addresses of the messages.
- Table 1 for a message sent by the internet of things terminal to the internet of things server (namely, an uplink message in Table 1), a source address of the uplink message from the internet of things terminal is a private IP-1, and a destination address thereof is a public IP-A.
- the NAT device 1 When the uplink message passes the NAT device 1, the NAT device 1 translates the source address of the uplink message to a public IP address on the NAT device 1, namely, a public IP-B.
- the NAT device 2 When the uplink message passes the NAT device 2, the NAT device 2 translates the destination address of the uplink message to a private address of the internet of things server, namely, a private IP-2.
- a source address of the message from the internet of things server is a private IP-1
- a destination address thereof is a public IP-B.
- the source address of the downlink message After being translated by the NAT device 2, the source address of the downlink message is changed to the public IP-B; and after being translated by the NAT device 1, the destination address of the downlink message is translated to the private IP-1.
- the internet of things server cannot learn a private IP address that is allocated by the core network to the internet of things terminal, and an address of the internet of things terminal that is included in an uplink message and that can be perceived by the internet of things server is a public address obtained after NAT translation is performed.
- the NAT device After the NAT device allocates the corresponding public address for the address of the internet of things terminal, if the NAT device does not receive a message that is from or sent to the internet of things terminal within a specific period, the NAT device no longer maintains a binding relationship or correspondence between the address of the internet of things terminal and the public address, for example, the NAT device may allocate the public address to another internet of things terminal for use. Such a case in which the NAT device releases the binding relationship or correspondence between the public address allocated to the internet of things terminal and the internet of things terminal is also referred to NAT address aging.
- the NAT device When the NAT device subsequently receives a message that is from or sent to the internet of things terminal again, the NAT device allocates a new public address, such as a public IP-C, for the internet of things terminal.
- a new public address such as a public IP-C
- the internet of things terminal and the internet of things server send a message such as a heartbeat message, so that the NAT device keeps the binding relationship and correspondence between the public address and the address of the internet of things terminal after NAT translation is performed, and the public address that is perceived by the internet of things server after NAT translation is performed and that is of the internet of things terminal remains unchanged.
- This method is also referred to as NAT keepalive.
- IP address or IP information mentioned in this application may further include information such as a port number, that is, the IP address or the IP information in this application may be an IP address, or may be an IP address and a port number.
- Table 1 Internet of things terminal Internet of things server Source address Destination address Source address Destination address Uplink message Private IP-1 Public IP-A Public IP-B Private IP-2 Downlink message Public IP-B Private IP-1 Private IP-1 Public IP-B
- a complex DTLS authentication scheme is not suitable to authenticate the internet of things terminal, and an authentication scheme based only on a device or a node identifier in an existing physical network protocol is not enough to ensure security.
- an authentication scheme based only on a device or a node identifier in an existing physical network protocol is not enough to ensure security.
- IP network especially in a telecommunications network where a telecommunication operator is credible, a source address of a message is generally difficult to forge. If the internet of things server can authenticate the source address of the uplink message in addition to authenticating the device identifier of the internet of things terminal, security and reliability on authentication of the device can be greatly increased.
- the internet of things terminal With a limited battery service life of the internet of things terminal, a limited load capacity of an NB-IoT network, a limited quantity of connections that are newly established in each cell per second, and the like, frequently sending a heartbeat message to keep NAT alive has disadvantages, for example, the battery service life of the internet of things terminal is sharply decreased, and the NB-IoT network load is occupied by a large quantity of low-value heartbeat messages. Therefore, in an actual application, the internet of things terminal generally does not support frequent sending of the heartbeat message, and then the internet of things server perceives that a source address (namely, the public address of the internet of things terminal that is obtained after NAT translation is performed) in an uplink message is not fixed. The internet of things server cannot determine or authenticate an identity of the internet of things terminal by using the source address of the uplink message.
- a source address namely, the public address of the internet of things terminal that is obtained after NAT translation is performed
- this application provides a new device, namely, an interworking gateway.
- the interworking gateway is connected to a core network, for example, the interworking gateway is connected to a PGW or a UP in the core network, and the interworking gateway is located in a same IP subnet or private network as the PGW or UP in the core network.
- the interworking gateway and an internet of things server may maintain at least one reliable transmission path for communication.
- the reliable transmission path may be a long connection, such as an encrypted or unencrypted MQTT long connection, an encrypted or unencrypted CoAP long connection, or an encrypted or unencrypted WebSocket long connection.
- the interworking gateway may address, in a reliable telecommunications network, the internet of things terminal by directly using a private address of the internet of things terminal. Therefore, no additional heartbeat message needs to be sent between the interworking gateway and the internet of things terminal, thereby reducing power consumption and performance consumption of the internet of things terminal.
- the interworking gateway communicates with the internet of things server by using a long-connection transmission path, communication security is ensured and it is not easy to steal and forge transmission information.
- the interworking gateway may communicate with the internet of things server by using both the long connection and the short connection.
- the short connection is used for communication
- the long connection is used for communication
- the short connection is used for communication
- FIG. 3 shows a process in which an internet of things terminal is attached to an EPC network by using an NB-IoT wireless network and then registered on an internet of things platform in an interworking gateway deployment scenario.
- the RAN shown in FIG. 3 is an NB-IoT wireless network and is a specific embodiment of the access network shown in FIG. 1 and FIG. 2 .
- the EPC network is a specific embodiment of the core network shown in FIG. 1 and FIG. 2 .
- the NAT device and the internet that are shown in FIG. 1 and FIG. 2 still exist in the network of the embodiment shown in FIG. 3 . Due to limitation of a message flowchart, neither the NAT device nor the internet is presented in the message flowchart shown in FIG. 3 .
- An internet of things terminal that has registered an account on an internet of things server accesses an NB-IoT wireless network and is attached to an EPC network, and a packet data protocol (Packet data protocol, PDP) context is active.
- PDP Packet data protocol
- a PGW in the EPC network allocates an IP address to the internet of things terminal. It is assumed that the allocated IP address is a private IP-1.
- account registration indicates that the internet of things server has recorded device-related information of the internet of things terminal, including information such as a device identifier and an international mobile subscriber identification number (International Mobile Subscriber Identification Number, IMSI), where the device identifier may be a node identifier (node identification, NodeID), an international mobile equipment identity (International Mobile Equipment Identity, IMEI), a media access control (Media Access Control, MAC) address, a serial number (serial number, SN), or the like.
- IMSI International Mobile Subscriber Identification Number
- NodeID node identification
- IMEI international mobile equipment identity
- Media Access Control Media Access Control
- serial number serial number
- the EPC network notifies an interworking gateway that the internet of things terminal has been attached to the EPC network.
- device online means that the internet of things terminal is attached to the EPC network.
- a message in step 302 includes at least the IP address that is allocated by the PGW in the EPC network to the internet of things terminal, and the IMSI of the internet of things terminal. This embodiment imposes no limitation on a specific network element that notifies the interworking gateway and that is in the EPC network.
- the network element that notifies the interworking gateway may be a mobility management entity (Mobility Management Entity, MME), a PGW, a home subscriber server (Home Subscriber Server, HSS), a policy and charging rules function (Policy and Charging Rules Function, PCRF) unit, or the like.
- MME Mobility Management Entity
- PGW Packet Control Entity
- HSS Home Subscriber Server
- PCRF Policy and Charging Rules Function
- the PGW may communicate with the interworking gateway by using a Diameter protocol or a RADIUS protocol.
- an ACR message is used to notify the interworking gateway that the device gets online, and the ACR message carries the IP address and the IMSI that are of the internet of things terminal.
- the interworking gateway notifies the internet of things server that the internet of things terminal gets online, where a notification message includes at least the IP address and the IMSI that are of the internet of things terminal. It should be noted that, in a specific embodiment of this application, the interworking gateway may send the message to the internet of things server by using a long connection that has been established to the internet of things server, or in another manner.
- the internet of things server receives the message in step 303, queries the device information of the internet of things terminal that has registered the account, determines the device identifier of the internet of things terminal corresponding to the IMSI, and records the IP address and the IMSI that are of the internet of things terminal. It is assumed that the interworking gateway sends the message in step 303 by using an MQTT long connection between the interworking gateway and the internet of things server, and a possible message format of the message in step 303 is as follows:
- IG represents the interworking gateway interworking gateway
- radius represents the RADIUS protocol
- the internet of things server sends a message to the interworking gateway, to update information that is related to the internet of things terminal and that is recorded by the interworking gateway.
- the message in step 304 includes at least the IP address, the IMSI, and the device identifier that are of the internet of things terminal.
- the internet of things server may send the message to the interworking gateway by using a long connection between the internet of things server and the interworking gateway, or in another manner.
- the interworking gateway receives the message in step 304, and records the IP address, the IMSI, and the device identifier that are of the internet of things terminal.
- the interworking gateway may directly record the IP address of the internet of things terminal; and the interworking gateway may not send, to the internet of things server, the IP address of the internet of things terminal, that is, the message in step 303 does not include the IP address of the internet of things terminal.
- the internet of things server adds the IMSI and the device identifier that are of the internet of things terminal to the message in step 304. It is assumed that the internet of things server sends the message in step 304 by using an MQTT long connection between the internet of things server and the interworking gateway, and a possible message format of the message in step 304 is as follows:
- the interworking gateway After the interworking gateway saves a correspondence between the device identifier and the address that are of the internet of things terminal, for a subsequently received message that is from the internet of things server and that needs to be forwarded to the internet of things terminal, provided that the message from the internet of things server includes the device identifier of the internet of things terminal, the interworking gateway may query, based on the device identifier, the corresponding address of the internet of things terminal, and then forward the message from the internet of things server to the internet of things terminal.
- the internet of things terminal sends, by using an access network and a core network, a registration request to the interworking gateway, where a destination address of the registration request is an IP address of the interworking gateway, a source address thereof is the IP address of the internet of things terminal, and the IP address of the interworking gateway and the IP address of the internet of things terminal belong to a same IP subnet or a private network.
- the registration request includes the device identifier of the internet of things terminal.
- An address of the interworking gateway may be preset on the internet of things terminal, or may be delivered by using a bootstrap procedure to the internet of things terminal before the internet of things terminal is registered.
- a specific transmission path of the registration request may be that the registration request is sent to the interworking gateway by using a PGW through an NB-IoT wireless network, or may be that the registration request is sent to the interworking gateway by using another path.
- This embodiment imposes no limitation on message routing and forwarding in the EPC network.
- the interworking gateway receives the registration request from the internet of things terminal, and parses the request to obtain the source address (namely, the IP address of the internet of things terminal) and the device identifier.
- the interworking gateway determines whether the IP address and the device identifier that are included in the registration request are recorded in the interworking gateway, and whether a correspondence between the IP address and the device identifier that are included in the registration request is the same as the correspondence between the IP address and the device identifier that are recorded in the interworking gateway. If the IP address and the corresponding device identifier that are recorded in the interworking gateway are the same as the IP address and the device identifier that are included in the registration request, the interworking gateway successfully authenticates the internet of things terminal.
- the internet of things terminal fails to be authenticated, and the interworking gateway considers that the internet of things terminal is an invalid terminal, and therefore rejects the registration request.
- the interworking gateway After successfully authenticating the internet of things terminal, the interworking gateway sends the registration request to the internet of things server.
- the internet of things server creates a registration record for the internet of things terminal.
- the internet of things server may further allocate a new device identifier to the internet of things terminal.
- the internet of things server returns a registration response to the interworking gateway, where the registration response includes the device identifier of the internet of things terminal. If the internet of things server allocates a new device identifier to the internet of things terminal, the internet of things server may further add, to the registration response in step 308, the new device identifier that is allocated by the internet of things server to the internet of things terminal, and the interworking gateway records the new device identifier that is allocated by the internet of things server to the internet of things terminal. Subsequently, the internet of things server and the interworking gateway may identify the internet of things device by using the new device identifier.
- the interworking gateway may obtain, through query based on a new device identifier that is of an internet of things terminal and that is included in a message from the internet of things server, a corresponding address of the internet of things terminal, and then forward the message from the internet of things server to the internet of things terminal by using the core network.
- the interworking gateway determines a corresponding address of the internet of things terminal based on the device identifier that is of the internet of things terminal and that is included in the registration response, and sends the registration response to the internet of things terminal by using the core network, where the source address of the registration response is the IP address of the interworking gateway, and the destination address of the registration response is the IP address of the internet of things terminal.
- the registration response may include the new device identifier that is allocated by the internet of things server to the internet of things terminal.
- the internet of things terminal completes a registration procedure on the internet of things server. It can be learned from the technical solution shown in FIG. 3 that, from a perspective of the internet of things terminal, the internet of things terminal registers with a destination address of the interworking gateway.
- the interworking gateway serves as an agent of the internet of things server in an operator network (an EPC network); and because the interworking gateway can perceive a real IP address of the internet of things terminal and obtain the device identifier of the internet of things terminal from the internet of things server, the interworking gateway may replace the internet of things server to authenticate the internet of things terminal. Therefore, actually, the internet of things terminal finally registers with a destination address of the internet of things server.
- the interworking gateway may further record or process service data of the internet of things terminal based on a service requirement, such as local data processing, data cleansing, and data caching.
- a service requirement such as local data processing, data cleansing, and data caching.
- deployment of the interworking gateway further shields a difference among a huge quantity of the internet of things terminals, thereby simplifying processing of the internet of things server.
- Different internet of things terminals may support different communication protocols.
- the internet of things server may communicate, by using the interworking gateway, with different internet of things terminals based on a same connection manner, message format, or cell type.
- device identifiers that are supported by the internet of things terminals may vary greatly in type and encoding format.
- the internet of things server allocates a new device identifier to the internet of things terminal, and notifies the interworking gateway of the new device identifier by adding the new device identifier to the message in step 308, and therefore, the internet of things server and the interworking gateway may identify different internet of things terminals by using the device identifiers of a same type and a same format.
- the interworking gateway is responsible for translation between information such as the device identifier allocated by the internet of things server, the device identifier supported by the internet of things terminal, and the IP address of the internet of things terminal.
- a message or data that is sent by the internet of things server to the internet of things terminal is first sent to the interworking gateway, and then forwarded by the interworking gateway to the internet of things terminal, and therefore, the internet of things server further needs to record and update in real time the interworking gateway that is connected to the internet of things terminal by using the access network and the core network.
- the internet of things server After the internet of things server receives the message in step 303 that is sent by the interworking gateway, the internet of things server needs to record an identifier of the interworking gateway, and the internet of things server can subsequently communicate with the internet of things terminal by using the interworking gateway.
- the internet of things terminal may communicate with the internet of things server by using different interworking gateways.
- the internet of things terminal may be connected to different interworking gateways in different regions.
- the core network may connect the internet of things terminal to different interworking gateways. Therefore, after receiving the message in step 303, the internet of things server further needs to determine whether an interworking gateway (namely, an interworking gateway previously connected to the internet of things terminal) that is locally recorded and that is connected to the internet of things terminal is the same as the interworking gateway (namely, an interworking gateway currently connected to the internet of things terminal) that sends the message in step 303.
- an interworking gateway namely, an interworking gateway previously connected to the internet of things terminal
- the internet of things terminal further needs to send a message to the interworking gateway previously connected to the internet of things terminal, to notify the interworking gateway previously connected to the internet of things terminal of clearing related records and information of the internet of things terminal, for example, the device identifier, the IP address, the IMSI, and like information that are of the internet of things terminal.
- the core network sends a message to the interworking gateway to update a status of the internet of things terminal; and then the interworking gateway notifies the internet of things server of updating the status of the internet of things terminal.
- the internet of things server also notifies the interworking gateway of clearing related information of the internet of things terminal, as shown in FIG. 4 .
- An internet of things terminal is disconnected from a core network.
- For a detailed procedure refer to a detach procedure defined in a 3GPP standard. Details are not described herein.
- An EPC network notifies an interworking gateway that the internet of things terminal has been disconnected from the EPC network.
- device offline means that the internet of things terminal is detached.
- a message in step 402 includes at least an IMSI of the internet of things terminal.
- MME mobility management entity
- PGW Packet Control Entity
- HSS Home Subscriber Server
- PCRF Policy and Charging Rules Function
- the PGW may communicate with the interworking gateway by using a Diameter protocol or a RADIUS protocol.
- a Diameter protocol For example, an ACR message is used to notify the interworking gateway that the device gets offline, and the ACR message carries the IMSI of the internet of things terminal.
- the interworking gateway receives a device offline notification, and forwards the device offline notification to an internet of things server.
- the internet of things server receives the message in step 403 and updates a locally recorded status of the internet of things terminal, for example, the recorded status of the internet of things terminal is "unreachable”.
- the internet of things server sends a message in step 404 to the interworking gateway to notify the interworking gateway of clearing related records and information of the internet of things terminal, for example, a device identifier, an IP address, and the IMSI, and like information that are of the internet of things terminal.
- the message in step 404 includes at least the device identifier or the IMSI of the internet of things terminal, where the device identifier may be a device identifier that is allocated by the internet of things server to the internet of things terminal in a registration procedure of the internet of things terminal.
- the internet of things server notifies, in a timely manner, the interworking gateway of updating or deleting information and records that are recorded by the interworking gateway and that are of the internet of things terminal, to avoid recording invalid or expired information of the internet of things terminal on the interworking gateway, reduce a volume of data that needs to be maintained by the interworking gateway, and improve performance of the interworking gateway.
- the internet of things terminal sends the registration request to the interworking gateway by using the message in step 305.
- the address of the interworking gateway may be pre-configured in the internet of things terminal, or may be sent by a bootstrap (Bootstrap) server to the internet of things terminal by following a procedure shown in FIG. 5 before the message in step 305 is sent.
- the bootstrap server is configured to send, to the internet of things terminal, initialization information required for device running, such as an address of a registration server, and software and hardware version information.
- internet of things servers may be functionally classified into a plurality of types, such as a device management server, a service server, and a bootstrap server.
- a bootstrap function that is performed by the internet of things server in FIG. 5 may be performed by an independently disposed bootstrap server, or may be performed by the internet of things server in FIG. 3 . It should be further noted that the internet of things server that is shown in FIG. 5 and that performs the bootstrap function records whether the terminal performs a bootstrap procedure.
- steps 501 to 503 are the same as the messages in steps 301 to 303. Details are not described herein again.
- An internet of things server receives the message in step 503, determines, based on an IMSI included in the message in step 503, that an internet of things terminal has not completed a bootstrap procedure, and therefore, sends bootstrap information to an interworking gateway, where the bootstrap information includes at least a device identifier of the internet of things terminal and an address or identifier of the interworking gateway.
- the identifier may be a URI; and a specific format of the URI is not limited, and may be a fully qualified domain name (Fully Qualified Domain Name, FQDN) format or any other format.
- FQDN Fully Qualified Domain Name
- the interworking gateway receives the message in step 504, determines, based on the device identifier of the internet of things terminal, an address of the internet of things terminal, and sends, to the internet of things terminal, the bootstrap information that includes the address or identifier of the interworking gateway.
- the internet of things terminal receives the message, and the address of the interworking gateway is used as a destination address for subsequent registration.
- a manufacturer of the internet of things terminal may not pre-configure the bootstrap information in a production phase. This not only reduces production costs, but also reduces a requirement for a supply chain. For example, during product delivery and exchange, it is not required to match bootstrap information pre-configured in an internet of things terminal and an order.
- the interworking gateway provided in this application may be implemented by a computer device (or a system) in FIG. 6 .
- FIG. 6 is a schematic diagram of a computer device according to this application.
- the computer device 600 includes at least one processor 601, a communications bus 602, a memory 603, and at least one communications interface 604.
- the processor 601 may be a general-purpose central processing unit (central processing unit, CPU), a microprocessor, an application-specific integrated circuit (application-specific integrated circuit, ASIC), or one or more integrated circuits configured to control program execution of the solutions in this application.
- CPU central processing unit
- ASIC application-specific integrated circuit
- the communications bus 602 may include a path for transmitting information between the foregoing components.
- the communications interface 604 can be any apparatus such as a transceiver, and is configured to communicate with another device or a communications network, such as the Ethernet, a radio access network (radio access network, RAN), or a wireless local area network (wireless local area networks, WLAN).
- a communications network such as the Ethernet, a radio access network (radio access network, RAN), or a wireless local area network (wireless local area networks, WLAN).
- the memory 603 may be a read-only memory (read-only memory, ROM) or another type of static storage device that can store static information and instructions, or a random access memory (random access memory, RAM) or another type of dynamic storage device that can store information and instructions, or may be an electrically erasable programmable read-only memory (electrically erasable programmable read-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory, CD-ROM) or another compact disc storage, an optical disc storage (including a compact disc, a laser disc, an optical disc, a digital versatile disc, a blue-ray optical disc, and the like), a magnetic disk storage medium or another magnetic storage device, or any other medium capable of carrying or storing expected program code in a form of instructions or data structures and capable of being accessed by a computer, but is not limited thereto.
- the memory may exist independently and is connected to the processor by using the bus. Alternatively, the memory may be integrated with the processor.
- the memory 603 is configured to store application program code for executing the solutions in this application, and the processor 601 controls the execution.
- the processor 601 is configured to execute the application program code stored in the memory 603, to implement a function of an interworking gateway in the present patent method.
- the processor 601 may include one or more CPUs, for example, a CPU 0 and a CPU 1 in FIG. 6 .
- the computer device 600 may include a plurality of processors, for example, a processor 601 and a processor 608 in FIG. 6 .
- Each of the processors may be a single-core (or single-CPU) processor, or may be a multi-core (or multi-CPU) processor.
- the processor herein may be one or more devices, circuits, and/or processing cores used to process data (for example, a computer program instruction).
- the computer device 600 may further include an output device 605 and an input device 606.
- the output device 605 communicates with the processor 601, and may display information in a plurality of manners.
- the output device 605 may be a liquid crystal display (liquid crystal display, LCD), a light emitting diode (light emitting diode, LED) display device, a cathode-ray tube (cathode ray tube, CRT) display device, or a projector (projector).
- the input device 606 communicates with the processor 601, and may receive an input of a user in a plurality of manners.
- the input device 606 may be a mouse, a keyboard, a touchscreen device, or a sensing device.
- the computer device 600 may be a general-purpose computer device or a dedicated computer device.
- the computer device 600 may be a desktop computer, a portable computer, a dedicated server, a communications device, an embedded device, or a device having a structure similar to that in FIG. 6 .
- a type of the computer device 600 is not limited in this application.
- the interworking gateway may be further divided into functional modules.
- each functional module may be obtained through division based on a corresponding function, or two or more functions may be integrated into one module.
- the integrated module may be implemented in a form of hardware, or may be implemented in a form of a software function module. It should be noted that the module division in the embodiments of the present invention is an example, and is only logical function division. There may be other division manners in actual implementation.
- FIG. 7 is a schematic structural diagram of an apparatus, and the apparatus implements functions of the interworking gateway in the foregoing embodiments.
- a function of a functional module in the apparatus 700 may be implemented by a chip. This is not specifically limited in this embodiment of this application.
- the apparatus 700 includes a server communications module 701, a service processing module 702, a storage module 703, and a terminal communications module 704.
- the server communications module 701 is configured to communicate with an internet of things server.
- the server communications module 701 creates and maintains a long connection between an interworking gateway and the internet of things server, to communicate with the internet of things server by using the long connection or another connection mode.
- the service processing module 702 is configured to: process a message that is received by the server communications module 701 from the internet of things server; send, to an internet of things terminal by using the terminal communications module 704, a message that needs to be forwarded to the internet of things terminal; process a message that is received by the terminal communications module 704 from the internet of things terminal; and send, to an internet of things server by using the server communications module 701, a message that needs to be forwarded to the internet of things server.
- the storage module 703 stores information (for example, a device identifier that is allocated by the internet of things server to the internet of things terminal, and a device identifier, an IP address, and an IMSI that are of the internet of things terminal) that needs to be stored or recorded in a message or service processing procedure of the service processing module 702.
- information for example, a device identifier that is allocated by the internet of things server to the internet of things terminal, and a device identifier, an IP address, and an IMSI that are of the internet of things terminal
- the service processing module 702 When translating or forwarding a message between the internet of things server and the internet of things terminal, the service processing module 702 further needs to obtain necessary information from the storage module 703.
- the service processing module 702 processes the message that is received by the server communications module 701 from the internet of things server, and it is determined that the message needs to be forwarded to the internet of things terminal, the service processing module 702 obtains, from the storage module 703 based on the device identifier (which may be the device identifier that is allocated by the internet of things server to the internet of things terminal) that is carried in the message from the internet of things server and that is of the internet of things terminal, the IP address that corresponds to the device identifier of the internet of things terminal; and sends the message from the internet of things server to the internet of things terminal by using the terminal communications module 704.
- Service processing supported by the service processing module 702 includes message parsing, message format translation, message forwarding, processing of information or data in a message, storage of the information or data in the message, and the like.
- the storage module 703 interacts with the service processing module 702, and is responsible for storing and reading data or information.
- the terminal communications module 704 receives the message from the internet of things terminal by using a core network and an access network, or sends a message to the internet of things terminal by using a core network and an access network.
- the functional module may be implemented in a form of hardware, or may be implemented in a form of a software function module.
- the apparatus 700 may use a form shown in FIG. 6 .
- the service processing module 702 in FIG. 7 may be implemented by the processor 601 in FIG. 6
- the storage module in FIG. 7 may be implemented by the memory 603 in FIG. 6 .
- the apparatus 700 shown in FIG. 7 is a chip
- functions/implementation processes of the server communications module 701 and the terminal communications module 704 may alternatively be implemented by a pin or a circuit.
- the storage module 703 may be a storage unit in the chip, for example, a register or a cache.
- the storage module 703 may be a storage unit located outside the chip.
- All or some of the foregoing embodiments may be implemented by software, hardware, firmware, or any combination thereof.
- the embodiments When the embodiments are implemented by software, the embodiments may be implemented fully or partially in a form of a computer program product.
- the computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or the functions according to the embodiments of the present invention are fully or partially generated.
- the computer may be a general-purpose computer, a dedicated computer, a computer network, or another programmable apparatus.
- the computer instructions may be stored in a computer-readable storage medium or may be transmitted from a computer-readable storage medium to another computer-readable storage medium.
- the computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server, or data center in a wired (for example, a coaxial cable, an optical fiber, or a digital subscriber line (DSL)) or wireless (for example, infrared, radio, or microwave) manner.
- the computer-readable storage medium may be any usable medium accessible by a computer, or a data storage device, such as a server or a data center, integrating one or more usable media.
- the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), a semiconductor medium (for example, a solid-state drive Solid State Disk (SSD)), or the like.
- a magnetic medium for example, a floppy disk, a hard disk, or a magnetic tape
- an optical medium for example, a DVD
- a semiconductor medium for example, a solid-state drive Solid State Disk (SSD)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Power Engineering (AREA)
- Databases & Information Systems (AREA)
- Cardiology (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
Description
- This application relates to the internet of things field, and in particular, to a method, an apparatus, and a system for communication between an internet of things terminal and an internet of things server in the internet of things field.
- In an internet of things system, there are a large quantity of internet of things terminals with a limited capability or a limited resource. Due to small memory or limited power supply, and the like, these terminals are generally characterized by small traffic, a low rate, low power consumption, low costs, and the like. A typical internet of things terminal with a limited capability includes a narrow band internet of things (Narrow band internet of things, NB-IoT) terminal, for example, a device such as a water meter, a watt-hour meter, or a gas meter into which an NB-IoT chip is inserted. Because the internet of things terminals with a limited capability cannot support performance consumption that is caused by an authentication scheme (such as DTLS) with a complex procedure, an internet of things platform or an internet of things server generally authenticates the terminals in a registration procedure by using an application layer protocol, for example, a lightweight M2M protocol (Lightweight M2M, LWM2M). However, in the LWM2M protocol, the internet of things platform or server can only authenticate a terminal based on a node identifier (NodelD) that is reported by the terminal in a registration request. This NodeID is generally regular and may be forged by another malicious terminal. Therefore, a registration method needs to be provided, to meet a requirement of low power consumption of the internet of things terminal, and ensure that the internet of things platform or server performs security authentication on the internet of things terminal.
-
WO 2017/168209 A1 describes a reachability for an M2M service provider network.US 2017/041287 A1 describes a server initiated remote device registration. -
US 2013/332627 A1 describes enabling IP-communication with a machine to machine unit. - HUAWEI ET AL: "Use Push Proxy to reduce heartbeat/keep-alive data of Application", 3GPP DRAFT; S2-124171 WAS S2-124037 WAS S2-123644 USE PUSH PROXY TO REDUCE KEEP-ALIVE DATA OF APPLICATIONS R2, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE; 650, ROUTE DES LUCI, vol. SA WG2 12 October 2012 (2012-10-12), XP050683827 describes a proposal to use Push Proxy to reduce heartbeat/keep-alive data of Applications.
- The present invention is defined by the internet of things system of
independent claim 1 and by the internet of things communication method of claim 5. Additional features of the invention are presented in the dependent claims. -
-
FIG. 1 is a schematic architectural diagram of an internet of things system in the prior art; -
FIG. 2 is a schematic architectural diagram of an internet of things system according to an embodiment of the present invention; -
FIG. 3 is a flowchart of an internet of things terminal registration method according to an embodiment of the present invention; -
FIG. 4 is a flowchart of an internet of things terminal detach method according to an embodiment of the present invention; -
FIG. 5 is a flowchart of a bootstrap method according to an embodiment of the present invention; -
FIG. 6 is a schematic diagram of a computer device according to an embodiment of the present invention; and -
FIG. 7 is a schematic diagram of an interworking gateway function module according to an embodiment of the present invention. -
FIG. 1 is a typical networking architecture in the prior art in which an internet of things terminal accesses an internet of things platform or an internet of things server by using a telecommunications network. The internet of things platform or the internet of things server performs, for the internet of things terminal, management and operations that are related to a connection, a device, or a service. For ease of description, in this application, the internet of things server is used as an example to describe the technical solutions in specific embodiments, and all the embodiments that are described by using the internet of things server as an example are also applicable to the internet of things platform. A core network inFIG. 1 belongs to a telecommunications network provided by a telecommunication operator. The core network may be an evolved packet core network (evolved packet core, EPC), a 5G core network, or another type or form of telecommunications network that is defined by the 3rd generation partnership project standard organization (3rd Generation Partnership Project, 3GPP). The internet of things terminal may access the core network by using various access technologies or access networks, including an NB-IoT wireless access technology, 4G wireless access, 5G wireless access, Wi-Fi access, wireline access, or the like that is defined by the 3GPP. The core network is connected to the internet of things server by using an internet. In consideration of a factor such as security or network planning, a device such as a network address translation (Network Address Translation, NAT) device or a firewall is usually disposed between the core network and the internet, and between the internet of things server and the internet, to perform network isolation. For example, aNAT device 1 and aNAT device 2 are used inFIG. 1 , that is, the internet of things server and the core network are located in different IP subnets or private networks. It should be noted that, if the internet of things server is deployed in a public network, theNAT device 2 may be not used, that is, inFIG. 1 , there may be only theNAT device 1 or an address translation device whose function is equivalent to that of theNAT device 1. - It is assumed that the core network and the internet of things server are located in different private networks. The
NAT device 1 is located between a private network in which the core network is located and the public network (namely, the internet inFIG. 1 ), and theNAT device 1 translates between (a private IP address, a private port number) that are of the core network and (a public IP address, a public port number) that are configured on theNAT device 1. TheNAT device 2 is located between a private network in which the internet of things server is located and the public network, and theNAT device 2 translates between (a private IP address, a private port number) that are of the internet of things server and (a public IP address, a public port number) that are configured on theNAT device 2. After the internet of things terminal is attached to the core network, a gateway of the core network, for example, a packet data network gateway (Packet Data Network Gateway, PGW) of an EPC network or a user plane (User plane, UP) function entity of a 5G core network, allocates a private IP address (private IP-1) of a private network to which the gateway belongs, to the internet of things terminal. The private IP address of the internet of things server is a private IP-2 which is a private IP address of a private network to which the internet of things server belongs; and an external public address of the internet of things server is the public IP address on theNAT device 2, namely, a public IP-A. When the internet of things terminal and the internet of things server exchange messages by using the access network, the core network, and the internet, the NAT device performs network address translation between a private address and public IP address for source addresses and destination addresses of the messages. As shown in Table 1, for a message sent by the internet of things terminal to the internet of things server (namely, an uplink message in Table 1), a source address of the uplink message from the internet of things terminal is a private IP-1, and a destination address thereof is a public IP-A. When the uplink message passes theNAT device 1, theNAT device 1 translates the source address of the uplink message to a public IP address on theNAT device 1, namely, a public IP-B. When the uplink message passes theNAT device 2, theNAT device 2 translates the destination address of the uplink message to a private address of the internet of things server, namely, a private IP-2. Correspondingly, for a downlink message sent by the internet of things server to the internet of things terminal, a source address of the message from the internet of things server is a private IP-1, and a destination address thereof is a public IP-B. After being translated by theNAT device 2, the source address of the downlink message is changed to the public IP-B; and after being translated by theNAT device 1, the destination address of the downlink message is translated to the private IP-1. It can be learned that, because the core network and the internet of things server are not in a same IP subnet or private network, the internet of things server cannot learn a private IP address that is allocated by the core network to the internet of things terminal, and an address of the internet of things terminal that is included in an uplink message and that can be perceived by the internet of things server is a public address obtained after NAT translation is performed. After the NAT device allocates the corresponding public address for the address of the internet of things terminal, if the NAT device does not receive a message that is from or sent to the internet of things terminal within a specific period, the NAT device no longer maintains a binding relationship or correspondence between the address of the internet of things terminal and the public address, for example, the NAT device may allocate the public address to another internet of things terminal for use. Such a case in which the NAT device releases the binding relationship or correspondence between the public address allocated to the internet of things terminal and the internet of things terminal is also referred to NAT address aging. When the NAT device subsequently receives a message that is from or sent to the internet of things terminal again, the NAT device allocates a new public address, such as a public IP-C, for the internet of things terminal. To keep the public address that is of the internet of things terminal and that undergoes NAT translation from being aged, generally, the internet of things terminal and the internet of things server send a message such as a heartbeat message, so that the NAT device keeps the binding relationship and correspondence between the public address and the address of the internet of things terminal after NAT translation is performed, and the public address that is perceived by the internet of things server after NAT translation is performed and that is of the internet of things terminal remains unchanged. This method is also referred to as NAT keepalive. It should be noted that an IP address or IP information mentioned in this application may further include information such as a port number, that is, the IP address or the IP information in this application may be an IP address, or may be an IP address and a port number.Table 1 Internet of things terminal Internet of things server Source address Destination address Source address Destination address Uplink message Private IP-1 Public IP-A Public IP-B Private IP-2 Downlink message Public IP-B Private IP-1 Private IP-1 Public IP-B - As described in the background, a complex DTLS authentication scheme is not suitable to authenticate the internet of things terminal, and an authentication scheme based only on a device or a node identifier in an existing physical network protocol is not enough to ensure security. In an IP network, especially in a telecommunications network where a telecommunication operator is credible, a source address of a message is generally difficult to forge. If the internet of things server can authenticate the source address of the uplink message in addition to authenticating the device identifier of the internet of things terminal, security and reliability on authentication of the device can be greatly increased.
- However, with a limited battery service life of the internet of things terminal, a limited load capacity of an NB-IoT network, a limited quantity of connections that are newly established in each cell per second, and the like, frequently sending a heartbeat message to keep NAT alive has disadvantages, for example, the battery service life of the internet of things terminal is sharply decreased, and the NB-IoT network load is occupied by a large quantity of low-value heartbeat messages. Therefore, in an actual application, the internet of things terminal generally does not support frequent sending of the heartbeat message, and then the internet of things server perceives that a source address (namely, the public address of the internet of things terminal that is obtained after NAT translation is performed) in an uplink message is not fixed. The internet of things server cannot determine or authenticate an identity of the internet of things terminal by using the source address of the uplink message.
- As shown in
FIG. 2 , this application provides a new device, namely, an interworking gateway. The interworking gateway is connected to a core network, for example, the interworking gateway is connected to a PGW or a UP in the core network, and the interworking gateway is located in a same IP subnet or private network as the PGW or UP in the core network. In addition to a short connection that may be used to transmit messages and data, the interworking gateway and an internet of things server may maintain at least one reliable transmission path for communication. The reliable transmission path may be a long connection, such as an encrypted or unencrypted MQTT long connection, an encrypted or unencrypted CoAP long connection, or an encrypted or unencrypted WebSocket long connection. PGWs or UPs that are in the interworking gateway and a telecommunications network are located in a same IP subnet or private network, and there is no address translation device between the interworking gateway and an internet of things terminal, the interworking gateway may address, in a reliable telecommunications network, the internet of things terminal by directly using a private address of the internet of things terminal. Therefore, no additional heartbeat message needs to be sent between the interworking gateway and the internet of things terminal, thereby reducing power consumption and performance consumption of the internet of things terminal. In addition, when the interworking gateway communicates with the internet of things server by using a long-connection transmission path, communication security is ensured and it is not easy to steal and forge transmission information. In this embodiment of this application, a scheme in which the long connection is used between the interworking gateway and the internet of things server is mainly described, and a scheme in which the short connection is used between the interworking gateway and the internet of things server for communication is not described in this application. It should be noted that the interworking gateway may communicate with the internet of things server by using both the long connection and the short connection. For example, for an uplink message sent by the interworking gateway to the internet of things server, the short connection is used for communication, and for a downlink message sent by the internet of things server to the interworking gateway, the long connection is used for communication; or for an uplink message sent by the interworking gateway to the internet of things server, the long connection is used for communication, and for a downlink message sent by the internet of things server to the interworking gateway, the short connection is used for communication. -
FIG. 3 shows a process in which an internet of things terminal is attached to an EPC network by using an NB-IoT wireless network and then registered on an internet of things platform in an interworking gateway deployment scenario. The RAN shown inFIG. 3 is an NB-IoT wireless network and is a specific embodiment of the access network shown inFIG. 1 andFIG. 2 . The EPC network is a specific embodiment of the core network shown inFIG. 1 andFIG. 2 . The NAT device and the internet that are shown inFIG. 1 andFIG. 2 still exist in the network of the embodiment shown inFIG. 3 . Due to limitation of a message flowchart, neither the NAT device nor the internet is presented in the message flowchart shown inFIG. 3 . - 301. An internet of things terminal that has registered an account on an internet of things server accesses an NB-IoT wireless network and is attached to an EPC network, and a packet data protocol (Packet data protocol, PDP) context is active. For related access and attach procedures and a PDP context activation procedure, refer to related 3GPP standard protocols such as 3GPP TS 23.401 and 3GPP TS 23.060. Details are not described herein. After the internet of things terminal is attached to the EPC network, a PGW in the EPC network allocates an IP address to the internet of things terminal. It is assumed that the allocated IP address is a private IP-1. It should be noted that account registration indicates that the internet of things server has recorded device-related information of the internet of things terminal, including information such as a device identifier and an international mobile subscriber identification number (International Mobile Subscriber Identification Number, IMSI), where the device identifier may be a node identifier (node identification, NodeID), an international mobile equipment identity (International Mobile Equipment Identity, IMEI), a media access control (Media Access Control, MAC) address, a serial number (serial number, SN), or the like.
- 302. The EPC network notifies an interworking gateway that the internet of things terminal has been attached to the EPC network. In
FIG. 3 , "device online" means that the internet of things terminal is attached to the EPC network. A message instep 302 includes at least the IP address that is allocated by the PGW in the EPC network to the internet of things terminal, and the IMSI of the internet of things terminal. This embodiment imposes no limitation on a specific network element that notifies the interworking gateway and that is in the EPC network. Specifically, the network element that notifies the interworking gateway may be a mobility management entity (Mobility Management Entity, MME), a PGW, a home subscriber server (Home Subscriber Server, HSS), a policy and charging rules function (Policy and Charging Rules Function, PCRF) unit, or the like. When the PGW in the EPC network is connected to the interworking gateway and the PGW sends the message instep 302 to the interworking gateway, in a possible implementation, the PGW may communicate with the interworking gateway by using a Diameter protocol or a RADIUS protocol. For example, an ACR message is used to notify the interworking gateway that the device gets online, and the ACR message carries the IP address and the IMSI that are of the internet of things terminal. - 303. The interworking gateway notifies the internet of things server that the internet of things terminal gets online, where a notification message includes at least the IP address and the IMSI that are of the internet of things terminal. It should be noted that, in a specific embodiment of this application, the interworking gateway may send the message to the internet of things server by using a long connection that has been established to the internet of things server, or in another manner. The internet of things server receives the message in
step 303, queries the device information of the internet of things terminal that has registered the account, determines the device identifier of the internet of things terminal corresponding to the IMSI, and records the IP address and the IMSI that are of the internet of things terminal. It is assumed that the interworking gateway sends the message instep 303 by using an MQTT long connection between the interworking gateway and the internet of things server, and a possible message format of the message instep 303 is as follows:
Topic:.IGs. {IGId}.event.radiusEvent Payload: { "header": { "from": "∗∗∗" "to": "∗∗∗", "requestId": " frequestId}", "timestamp": "{timestamp}", }, "body": { RadiusMessageType": "{Start}", "UE_IP": "{UE_IP}", "IMSI": "{IMSI}", } }
Topic:.IGs. {IGId}.event.radiusEvent Payload: { "header": { "from": "∗∗∗" "to": "∗∗∗" "requestId": " frequestId}", "timestamp": "{timestamp}", }, "body": { "RadiusMessageType": " {Start} ", "UE_IP": "{UE_IP}", "IMSI": "{IMSI}", "deviceNodeID": "{NodeID}", } }
Claims (12)
- An internet of things system, comprising an internet of things server and an interworking gateway, whereinthe internet of things server is configured to record account registration information of an internet of things terminal, wherein the account registration information comprises an international mobile subscriber identity, IMSI, and a device identifier that are of the internet of things terminal; and is further configured to process a registration request that is sent by the interworking gateway and that is of the internet of things terminal; andthe interworking gateway is configured to: receive (305) the registration request from the internet of things terminal, and authenticate (306) the internet of things terminal based on a correspondence between an address and the device identifier that are of the internet of things terminal, wherein the correspondence is saved on the interworking gateway, comprising if the interworking gateway determines that a source address of the registration request is the same as the address that is recorded in the correspondence and that is of the internet of things terminal, and that a device identifier that is comprised in the registration request is the same as the device identifier that is recorded in the correspondence and that is of the internet of things terminal, the internet of things terminal is successfully authenticated; and after successfully authenticating the internet of things terminal, the interworking gateway is further configured to send (307) the registration request to the internet of things server.
- The internet of things system according to claim 1, wherein the interworking gateway is further configured to receive (302) a first message sent by the telecommunications network, wherein the first message comprises the address and the IMSI that are of the internet of things terminal, the first message is used to indicate, to the interworking gateway, that the internet of things terminal has established a connection to the telecommunications network, and the address of the internet of things terminal is the address that is allocated by the telecommunications network to the internet of things terminal.
- The internet of things system according to claim 2, whereinthe interworking gateway is further configured to send (303) a second message to the internet of things server, wherein the second message comprises the IMSI of the internet of things terminal, and the second message is used to indicate, to the internet of things server, that the internet of things terminal has established a connection to the telecommunications network;the internet of things server is further configured to: receive the second message sent by the interworking gateway, and send, to the interworking gateway, the device identifier that is recorded in the internet of things server, that corresponds to the IMSI, and that is of the internet of things terminal; andthe interworking gateway is further configured to receive the device identifier that is sent by the internet of things server, that is recorded in the internet of things server, and that is of the internet of things terminal; and is further configured to save the correspondence between the address and the device identifier that are of the internet of things terminal on the interworking gateway.
- The internet of things system according to claim 2 or 3, wherein the first message is an accounting request message sent by the telecommunications network.
- An internet of things communication method, comprising:receiving (305), by an interworking gateway, a registration request of an internet of things terminal; andsending (307), by the interworking gateway, the registration request to an internet of things server after successfully authenticating (306) the internet of things terminal based on a correspondence between an address and the device identifier that are of the internet of things terminal, wherein the correspondence is saved on the interworking gateway; comprising if the interworking gateway determines that a source address of the registration request is the same as the address that is recorded in the correspondence and that is of the internet of things terminal, and that a device identifier that is comprised in the registration request is the same as the device identifier that is recorded in the correspondence and that is of the internet of things terminal, the internet of things terminal is successfully authenticated.
- The method according to claim 5, wherein before the receiving, by an interworking gateway, a registration request of an internet of things terminal, the method further comprises:
receiving (302), by the interworking gateway, a first message sent by the telecommunications network, wherein the first message comprises the address and the IMSI that are of the internet of things terminal, the first message is used to indicate, to the interworking gateway, that the internet of things terminal has established a connection to the telecommunications network, and the address of the internet of things terminal is the address that is allocated by the telecommunications network to the internet of things terminal. - The method according to claim 6, wherein after the receiving, by the interworking gateway, a first message sent by the telecommunications network, the method further comprises:sending (303), by the interworking gateway, a second message to the internet of things server, wherein the second message comprises the IMSI of the internet of things terminal, and the second message is used to indicate, to the internet of things server, that the internet of things terminal has established a connection to the telecommunications network;receiving, by the interworking gateway, the device identifier that is sent by the internet of things server, that is recorded in the internet of things server, and that is of the internet of things terminal; andsaving, by the interworking gateway, the correspondence between the address and the device identifier that are of the internet of things terminal on the interworking gateway.
- The method according to claim 6 or 7, wherein the first message is an accounting request message sent by the telecommunications network.
- The method according to any one of claims 5 to 8, the method further comprises:receiving, by the interworking gateway, a bootstrap message sent by the internet of things server, wherein the bootstrap message comprises a device identifier of the internet of things server, and an address or identifier of the interworking gateway, and the bootstrap message is used to indicate that the internet of things terminal initiates registration to the interworking gateway; anddetermining, by the interworking gateway based on the device identifier that is comprised in the bootstrap message and that is of the internet of things terminal, the address that is recorded in the correspondence and that is of the internet of things terminal; setting a destination address of the bootstrap message to the address that is recorded in the correspondence and that is of the internet of things terminal; and sending the bootstrap message to the internet of things terminal.
- The method according to any one of claims 5 to 9, wherein after the sending, by the interworking gateway, the registration request to an internet of things server, the method further comprises:receiving (308), by the interworking gateway, a registration response sent by the internet of things server, wherein the registration response comprises the device identifier of the internet of things terminal;determining, by the interworking gateway, based on the device identifier that is comprised in the registration response and that is of the internet of things terminal, the address that is recorded in the correspondence and that is of the internet of things terminal; setting a destination address of the registration response to the address that is recorded in the correspondence and that is of the internet of things terminal; and sending the registration response to the internet of things terminal.
- The method according to claim 10, wherein the registration response that is received by the interworking gateway and that is sent by the internet of things server further comprises an identifier that is allocated by the internet of things server to the internet of things terminal, and the interworking gateway records the identifier that is allocated by the internet of things server to the internet of things terminal.
- The method according to claim 10 or 11, wherein after the sending, by the interworking gateway, the registration request to an internet of things terminal, the method further comprises:receiving, by the interworking gateway, a third message from the internet of things server, wherein the third message comprises the device identifier that is recorded in the correspondence and that is of the internet of things terminal or the identifier that is allocated by the internet of things server to the internet of things terminal; anddetermining, by the interworking gateway, based on the device identifier that is recorded in the correspondence and that is of the internet of things terminal or the identifier that is allocated by the internet of things server to the internet of things terminal, the address that is recorded in the correspondence and that is of the internet of things terminal; setting a destination address of the third message to the address that is recorded in the correspondence and that is of the internet of things terminal; and sending the third message to the internet of things terminal.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711070301.1A CN109756450B (en) | 2017-11-03 | 2017-11-03 | Method, device and system for communication of Internet of things and storage medium |
PCT/CN2018/111680 WO2019085803A1 (en) | 2017-11-03 | 2018-10-24 | Method, device and system for internet of things communication |
Publications (3)
Publication Number | Publication Date |
---|---|
EP3582532A1 EP3582532A1 (en) | 2019-12-18 |
EP3582532A4 EP3582532A4 (en) | 2020-04-15 |
EP3582532B1 true EP3582532B1 (en) | 2023-02-08 |
Family
ID=66333449
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18872718.4A Active EP3582532B1 (en) | 2017-11-03 | 2018-10-24 | Method, device and system for internet of things communication |
Country Status (6)
Country | Link |
---|---|
US (1) | US11729615B2 (en) |
EP (1) | EP3582532B1 (en) |
JP (1) | JP6908334B2 (en) |
KR (1) | KR102247485B1 (en) |
CN (1) | CN109756450B (en) |
WO (1) | WO2019085803A1 (en) |
Families Citing this family (51)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102531331B1 (en) * | 2018-07-13 | 2023-05-12 | 삼성전자주식회사 | Electronic apparatus and method for registering ownership |
GB2580420B (en) | 2019-01-11 | 2022-02-16 | Arm Ip Ltd | Electronic message adaptation |
GB2580421B (en) * | 2019-01-11 | 2021-09-15 | Arm Ip Ltd | Electronic message translation management |
CN110392445B (en) * | 2019-07-17 | 2022-10-28 | 青岛海尔科技有限公司 | Method, device and system for equipment distribution network |
CN112449341B (en) * | 2019-08-29 | 2022-08-09 | 华为云计算技术有限公司 | IoT (Internet of things) equipment data management method, device and system |
CN110493263B (en) * | 2019-09-17 | 2022-05-24 | 北京元安物联技术有限公司 | Gateway offline authentication method, device and system and computer readable storage medium |
JP7017547B2 (en) * | 2019-09-27 | 2022-02-08 | 日本電気株式会社 | Distribution system, distribution method and program, mobile terminal, gateway, distribution server |
CN112839309A (en) * | 2019-11-25 | 2021-05-25 | 中兴通讯股份有限公司 | Short message delivery method, network element registration method, device, gateway, system and storage medium |
CN113068199B (en) * | 2019-12-16 | 2023-04-07 | 中移物联网有限公司 | Data transmission method, device, system and storage medium |
CN113038592B (en) * | 2019-12-24 | 2023-05-05 | 阿里巴巴集团控股有限公司 | Communication method and device between Internet of things devices |
CN113452653B (en) * | 2020-03-25 | 2022-06-03 | 成都鼎桥通信技术有限公司 | Cross-gatekeeper communication method and system |
US20210304904A1 (en) * | 2020-03-27 | 2021-09-30 | Samsung Electronics Co., Ltd. | Method and system for managing queries of user in iot network |
KR20210128096A (en) | 2020-04-16 | 2021-10-26 | 세종대학교산학협력단 | Apparatus and method for interworking among internet of things platforms |
CN111586120B (en) * | 2020-04-26 | 2023-02-10 | 上海锐至信息技术股份有限公司 | Internet of things gateway equipment, data transmission method, storage medium and installation method |
KR102376433B1 (en) * | 2020-06-15 | 2022-03-18 | 주식회사 시옷 | A method of secure monitoring for multi network devices |
CN113965444B (en) * | 2020-07-01 | 2024-06-04 | 中国联合网络通信集团有限公司 | Remote recovery method and device for home gateway |
CN114039946A (en) * | 2020-07-21 | 2022-02-11 | 阿里巴巴集团控股有限公司 | Message transmission method and device, electronic device and storage medium |
US11790722B2 (en) | 2020-08-11 | 2023-10-17 | Best Lockers, Llc | Single-sided storage locker systems accessed and controlled using machine-readable codes scanned by mobile phones and computing devices |
US11631295B2 (en) | 2020-08-11 | 2023-04-18 | ScooterBug, Inc. | Wireless network, mobile systems and methods for controlling access to lockers, strollers, wheel chairs and electronic convenience vehicles provided with machine-readable codes scanned by mobile phones and computing devices |
US11995943B2 (en) | 2020-08-11 | 2024-05-28 | ScooterBug, Inc. | Methods of and systems for controlling access to networked devices provided with machine-readable codes scanned by mobile phones and computing devices |
CN112491788B (en) * | 2020-10-20 | 2023-04-25 | 北京泰豪智能工程有限公司 | Security cloud proxy service platform, implementation method and Internet of things system |
CN112398682B (en) * | 2020-10-22 | 2022-11-15 | 深圳奇迹智慧网络有限公司 | Internet of things gateway configuration method and device, computer equipment and storage medium |
CN112565334B (en) * | 2020-11-04 | 2022-10-25 | 深圳市宏电技术股份有限公司 | Access method and device of Internet of things equipment and MQTT gateway |
CN112437144B (en) * | 2020-11-16 | 2021-10-08 | 成都渊数科技有限责任公司 | Method and system for increasing access number of single edge server iot equipment |
CN112511509A (en) * | 2020-11-18 | 2021-03-16 | 联通智网科技有限公司 | Vehicle machine remote control method and system |
CN112492602B (en) * | 2020-11-19 | 2023-08-01 | 武汉武钢绿色城市技术发展有限公司 | 5G terminal safety access device, system and equipment |
CN112491663B (en) * | 2020-12-13 | 2021-07-27 | 北京哈工信息产业股份有限公司 | System and method for detecting and identifying terminal of Internet of things |
CN112637344A (en) * | 2020-12-23 | 2021-04-09 | 苏州三六零智能安全科技有限公司 | Monitoring method, equipment and device of Internet of things equipment and storage medium |
CN112651518B (en) * | 2020-12-25 | 2024-06-11 | 云镝智慧科技有限公司 | Product interaction method, device, computer equipment and storage medium |
CN113810455A (en) * | 2021-01-18 | 2021-12-17 | 北京京东拓先科技有限公司 | Back-end data access system, method, device and storage medium |
CN114793332A (en) * | 2021-01-25 | 2022-07-26 | 华为技术有限公司 | Message transmission method and related device |
CN112804730B (en) * | 2021-01-25 | 2023-09-08 | Oppo广东移动通信有限公司 | Equipment interconnection method, device, server, intelligent equipment and storage medium |
CN112887450B (en) * | 2021-02-20 | 2023-03-24 | 厦门熵基科技有限公司 | Communication address configuration method and device of Internet of things equipment |
CN113132219B (en) * | 2021-03-26 | 2022-07-12 | 杭州芯博士网络科技有限公司 | Network quick access method for Internet of things terminal and Internet of things network device |
CN113543293B (en) * | 2021-06-21 | 2023-06-27 | 天翼物联科技有限公司 | Narrowband Internet of things terminal supporting low-power-consumption operation and control method thereof |
CN113810512B (en) * | 2021-08-11 | 2023-06-30 | 天翼物联科技有限公司 | Internet of things terminal access system, method, device and storage medium |
CN113703710A (en) * | 2021-09-24 | 2021-11-26 | 京东方科技集团股份有限公司 | Picture updating method, Internet of things terminal and Internet of things system |
CN113965904B (en) * | 2021-10-28 | 2023-08-04 | 武汉慧联无限科技有限公司 | Device registration method, device and storage medium |
US20230156004A1 (en) * | 2021-11-15 | 2023-05-18 | Red Hat, Inc. | Scalable and secure edge cluster registration |
CN114025011B (en) * | 2021-11-22 | 2024-04-16 | 北京小米移动软件有限公司 | Device control method, device control apparatus, and storage medium |
CN113949657B (en) * | 2021-11-30 | 2023-04-18 | 中国电信股份有限公司 | Internet of things detection device, system and test method |
CN114339689B (en) * | 2021-12-30 | 2023-12-22 | 天翼物联科技有限公司 | Internet of things machine card binding pool management and control method, device and related medium |
CN116567778A (en) * | 2022-01-29 | 2023-08-08 | 维沃移动通信有限公司 | PIN construction method and device |
WO2023178691A1 (en) * | 2022-03-25 | 2023-09-28 | Oppo广东移动通信有限公司 | Security implementation method and apparatus, device and network element |
CN116938808A (en) * | 2022-03-30 | 2023-10-24 | 腾讯科技(深圳)有限公司 | Information processing method, apparatus, device, storage medium, and computer program product |
CN114979985A (en) * | 2022-05-19 | 2022-08-30 | 中国电信股份有限公司 | Indirect communication message transmission method, system and gateway equipment |
CN115065703A (en) * | 2022-06-17 | 2022-09-16 | 京东方科技集团股份有限公司 | Internet of things system, authentication and communication method thereof and related equipment |
CN117641320A (en) * | 2022-08-16 | 2024-03-01 | 华为技术有限公司 | Service flow routing method and device |
CN115348191B (en) * | 2022-08-24 | 2024-01-09 | 北京首信科技股份有限公司 | Internet of things terminal data acquisition method and device in wireless VPDN (virtual private digital network) |
CN115665684B (en) * | 2022-12-26 | 2023-03-10 | 中电信数字城市科技有限公司 | Networking architecture and control system for massive Internet of things terminals |
CN117082522B (en) * | 2023-07-07 | 2024-04-19 | 北京天融信网络安全技术有限公司 | Dynamic IP access method, device and equipment for Internet of things equipment |
Family Cites Families (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8473620B2 (en) * | 2003-04-14 | 2013-06-25 | Riverbed Technology, Inc. | Interception of a cloud-based communication connection |
CN100379315C (en) * | 2005-06-21 | 2008-04-02 | 华为技术有限公司 | Method for carrying out authentication on user terminal |
KR101358846B1 (en) * | 2008-11-17 | 2014-02-06 | 퀄컴 인코포레이티드 | Remote access to local network |
CN101621801B (en) * | 2009-08-11 | 2012-11-28 | 华为终端有限公司 | Method, system, server and terminal for authenticating wireless local area network |
TWI519098B (en) * | 2009-12-28 | 2016-01-21 | 內數位專利控股公司 | Machine-to-machine gateway architecture |
CN101951597B (en) * | 2010-08-13 | 2013-02-13 | 北京智慧图科技发展有限责任公司 | Method, device and system for communicating among different types of networks |
EP2679073A4 (en) * | 2011-02-25 | 2016-10-19 | Ericsson Telefon Ab L M | Enabling ip-communication with a machine to machine unit |
JP5372100B2 (en) * | 2011-10-03 | 2013-12-18 | 日本電信電話株式会社 | COMMUNICATION SYSTEM, RELAY DEVICE, COMMUNICATION METHOD, RELAY METHOD, AND COMPUTER PROGRAM |
CN103685210B (en) * | 2012-09-26 | 2018-02-13 | 中兴通讯股份有限公司 | The register method and device of terminal |
CN103795785B (en) * | 2014-01-16 | 2019-01-08 | 加一联创电子科技有限公司 | Internet of Things network control method and terminal |
CN104363207B (en) * | 2014-10-29 | 2017-07-11 | 北京成众志科技有限公司 | Multiple-factor strengthens safely authorization and identification method |
CN106211152B (en) * | 2015-04-30 | 2019-09-06 | 新华三技术有限公司 | A kind of wireless access authentication method and device |
US9974015B2 (en) * | 2015-07-03 | 2018-05-15 | Afero, Inc. | Embedded internet of things (IOT) hub for integration with an appliance and associated systems and methods |
GB2540989B (en) * | 2015-08-03 | 2018-05-30 | Advanced Risc Mach Ltd | Server initiated remote device registration |
US9843929B2 (en) * | 2015-08-21 | 2017-12-12 | Afero, Inc. | Apparatus and method for sharing WiFi security data in an internet of things (IoT) system |
WO2017106258A1 (en) * | 2015-12-14 | 2017-06-22 | Afero, Inc. | System and method for establishing a secondary communication channel to control an internet of things (iot) device |
CN106996004A (en) * | 2016-01-26 | 2017-08-01 | 青岛海尔洗衣机有限公司 | A kind of intelligent electrical appliance control and use its washing machine |
US10615844B2 (en) * | 2016-03-15 | 2020-04-07 | Huawei Technologies Co., Ltd. | System and method for relaying data over a communication network |
WO2017168209A1 (en) * | 2016-03-30 | 2017-10-05 | Telefonaktiebolaget Lm Ericsson (Publ) | Reachability for an m2m service provider network |
CA3034841A1 (en) * | 2016-08-22 | 2018-03-01 | fybr | System for distributed intelligent remote sensing systems |
WO2018127380A1 (en) * | 2017-01-03 | 2018-07-12 | Deutsche Telekom Ag | Method for data transmission between, on the one hand, an application server, and, on the other hand, at least one internet-of-things communication device using a mobile communication network, mobile communication network, system, internet-of-thing communication device, program and computer program product |
CN110268690B (en) * | 2017-02-06 | 2021-10-22 | Pcms控股公司 | Protecting device communications in an internet of things |
US10812526B2 (en) * | 2017-04-24 | 2020-10-20 | Caligo Systems Ltd. | Moving target defense for securing internet of things (IoT) |
CN109478179A (en) * | 2017-05-09 | 2019-03-15 | 诺基亚美国公司 | The connection of IoT equipment, discovery and networking |
US10708306B2 (en) * | 2017-06-15 | 2020-07-07 | Palo Alto Networks, Inc. | Mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks |
US10356092B2 (en) * | 2017-08-23 | 2019-07-16 | Redpine Signals, Inc. | Uncloneable registration of an internet of things (IoT) device in a network |
CN116074792A (en) * | 2017-09-08 | 2023-05-05 | 康维达无线有限责任公司 | Automatic service registration in a machine-to-machine communication network |
US10708780B2 (en) * | 2018-01-29 | 2020-07-07 | Silicon Laboratories Inc. | Registration of an internet of things (IoT) device using a physically uncloneable function |
-
2017
- 2017-11-03 CN CN201711070301.1A patent/CN109756450B/en active Active
-
2018
- 2018-10-24 KR KR1020197028894A patent/KR102247485B1/en active IP Right Grant
- 2018-10-24 WO PCT/CN2018/111680 patent/WO2019085803A1/en unknown
- 2018-10-24 JP JP2019548271A patent/JP6908334B2/en active Active
- 2018-10-24 EP EP18872718.4A patent/EP3582532B1/en active Active
-
2019
- 2019-10-14 US US16/600,914 patent/US11729615B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
US20200045546A1 (en) | 2020-02-06 |
JP2020515126A (en) | 2020-05-21 |
KR102247485B1 (en) | 2021-04-30 |
JP6908334B2 (en) | 2021-07-28 |
WO2019085803A1 (en) | 2019-05-09 |
US11729615B2 (en) | 2023-08-15 |
CN109756450B (en) | 2021-06-15 |
CN109756450A (en) | 2019-05-14 |
EP3582532A4 (en) | 2020-04-15 |
EP3582532A1 (en) | 2019-12-18 |
KR20190121842A (en) | 2019-10-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3582532B1 (en) | Method, device and system for internet of things communication | |
US11737156B2 (en) | Establishing a session or cellular Internet of Things packet transmission | |
US11070627B2 (en) | Discovery of a user plane function that supports cellular IoT optimization | |
US20210250736A1 (en) | Application Data Delivery Service For Networks Supporting Multiple Transport Mechanisms | |
US10313883B2 (en) | Methods, systems, and computer readable media for using authentication validation time periods | |
US9219999B2 (en) | Information push method, apparatus, and system | |
ES2374341T3 (en) | METHOD, SYSTEM AND DEVICE FOR PROCESSING ACCESS REQUEST INFORMATION. | |
US9247018B2 (en) | Method and apparatus for cooperation between push devices | |
US7450940B2 (en) | Wireless network communication system and method | |
JP5793812B2 (en) | Method, network side device, user equipment, and network system for triggering data offload | |
US11895716B2 (en) | Methods, systems, and computer readable media for providing a unified interface configured to support infrequent data communications via a network exposure function | |
EP4192184A1 (en) | Pdu session establishment method, terminal device, and chip system | |
US20180302479A1 (en) | Handling at least one communication exchange between a telecommunications network and at least one user equipment | |
US20240098148A1 (en) | Restoration of a pdn connection at pgw failure | |
KR20170132608A (en) | Signaling method for session connection, and apparatus implementing the same method | |
WO2021093863A1 (en) | Information processing method and apparatus, and computer-readable storage medium | |
EP4358476A1 (en) | Message processing method, apparatus and system, and computer-readable storage medium | |
KR102015413B1 (en) | Apparatus and method for establishing interface in a local network | |
WO2024097147A1 (en) | Method of ue reporting for ursp rule enforcement |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20190911 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20200313 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 29/06 20060101ALI20200309BHEP Ipc: H04W 12/00 20090101AFI20200309BHEP |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20210428 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: HUAWEI CLOUD COMPUTING TECHNOLOGIES CO., LTD. |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 602018046051 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04W0012060000 Ipc: H04L0009400000 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 101/654 20220101ALN20220809BHEP Ipc: H04W 88/16 20090101ALN20220809BHEP Ipc: H04L 67/12 20220101ALN20220809BHEP Ipc: H04W 76/10 20180101ALI20220809BHEP Ipc: H04W 52/02 20090101ALI20220809BHEP Ipc: H04W 12/72 20210101ALI20220809BHEP Ipc: H04W 4/70 20180101ALI20220809BHEP Ipc: H04L 61/2514 20220101ALI20220809BHEP Ipc: H04L 43/10 20220101ALI20220809BHEP Ipc: H04L 9/40 20220101AFI20220809BHEP |
|
INTG | Intention to grant announced |
Effective date: 20220824 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP Ref country code: AT Ref legal event code: REF Ref document number: 1547699 Country of ref document: AT Kind code of ref document: T Effective date: 20230215 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602018046051 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG9D |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20230208 |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230524 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1547699 Country of ref document: AT Kind code of ref document: T Effective date: 20230208 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230609 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230508 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230608 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230509 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: IE Payment date: 20230912 Year of fee payment: 6 Ref country code: GB Payment date: 20230831 Year of fee payment: 6 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602018046051 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20230911 Year of fee payment: 6 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20231109 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20230830 Year of fee payment: 6 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230208 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20231024 |